Card emulation is an Android NFC capability that lets a phone behave like a contactless card. Instead of reading another tag, the device presents card-like data to a payment terminal, door reader, or other NFC system. This is the basis for many mobile wallet and access-control use cases.
It matters in security because the phone can be a trusted endpoint in a transaction, but that trust depends on the app, operating mode, and surrounding controls. In attacks, malware may try to abuse card emulation or combine it with NFC relay techniques, making one device appear to be the card while another device forwards the exchange. Defenders reduce risk with strong app validation, secure hardware-backed payment paths, transaction monitoring, user presence checks, and controls that detect forwarded or unusually delayed NFC sessions.



